Incriminating documents planted on Indian priest's computer, cybersecurity firm says

US investigators say Father Stan Swamy, who died in custody in 2021, was arrested based on falsified evidence

A prayer meeting for Father Stan Swamy outside a church in Mumbai in 2021. EPA
Beta V.1.0 - Powered by automated translation

Incriminating documents were planted on the computer of an Indian Jesuit priest and tribal rights activist who died in custody after being held on terrorism charges, new research by a cybersecurity firm has found.

Father Stan Swamy, 84, was arrested in October 2020 on terrorism charges and over his alleged role in 2018 violence on the anniversary of the Battle of Bhima Koregaon between Dalits and upper-caste Hindus.

More than a dozen lawyers, academics and activists were also arrested in the case and many still remain in custody without trial.

The case was initially handled by Pune city police but was later transferred to the federal National Investigation Agency following allegations the accused were banned communist armed militias, or Maoists, and were planning to assassinate Prime Minister Narendra Modi.

Father Swamy, who said he was innocent throughout his detention, was the oldest among the accused and was kept in custody despite suffering from advanced Parkinson’s disease.

He died in prison in July 2021, triggering global condemnation against New Delhi amid allegations that the arrests were a government attempt to stifle dissent.

Activists protest in solidarity with Jesuit priest and activist Stan Swamy in New Delhi, India, in 2021. EPA

The government defended the crackdown, claiming that certain academics and activists were plotting a coup in alliance with the armed communist rebels.

But the latest research by the US-based Arsenal Consulting has contested the claims after it said evidence was planted on devices in a covert operation that lasted years.

The Boston-based forensic firm that was hired by Father Swamy’s legal team found that digital evidence used against him was planted on his hard drive starting in 2014 using a Remote Access Trojan.

RATs allow an attacker to both remotely access the victims’ computer and transfer files to and from the device.

The hacker surveyed as many as 24,000 files on Father Swamy’s device and recorded all his passwords.

The forensics firm said the digital files were planted on Father Swamy’s hard drive across two hacking campaigns starting in July 2017 and continuing until June 2019.

It was on the basis of these documents that he was arrested on allegations that he was part of the Maoist conspiracy.

“In Father Stan’s case, every single thing he typed was recorded using a process called 'keylogging',” the Arsenal report said.

“Over 50 files were created on Father Stan’s hard drive, including incriminating documents that fabricated links between Father Stan and the Maoist insurgency.”

His lawyers had raised serious doubts about the authenticity of the documents.

In a video recorded just before his arrest in 2020, Father Swamy “denied and disowned every single extract” put before him by investigators.

Arsenal said the attackers had accessed Father Swamy’s computer with the goals of surveillance and planting the documents.

“Arsenal has effectively caught the attacker red-handed, based on remnants of their activity left behind in file system transactions, application execution data and otherwise,” it said.

Critics have described the arrests as a witch-hunt against dissenters by the right-wing Hindu nationalist government of Mr Modi.

Father Swamy’s case garnered international attention after he was refused bail and had to plead for a sipper and a straw to drink, as he had difficulties drinking from a glass.

Authorities at the high-security Taloja jail in Mumbai declined his request for a sipper and opposed his bail application.

He was posthumously given an award by the Geneva-based Martin Ennals Foundation at Human Rights Defenders 2022.

The latest report by Arsenal backs a similar investigation claim by another leading US cybersecurity firm that accused Pune police officers of planting incriminating documents on the devices of at least three of the accused that was later used against them as evidence in the Bhima Koregaon case.

Cybersecurity firm SentinelOne in June said that email accounts of activist Rona Wilson, poet Varavara Rao and University professor Hany Babu were hacked. “False incriminating files” were planted on their computers “that the same police then used as grounds to arrest and jail them”.

It further said that the account recovery email on all three accounts included the “full name of a police official in Pune who was closely involved in the Bhima Koregaon case”.

Mr Rao, 82, was released on bail in August on medical grounds.

Updated: December 14, 2022, 9:04 AM
EDITOR'S PICKS